From 5dbf6cddd55b347763b455a8d9a07915c00c00dc Mon Sep 17 00:00:00 2001
From: arno01
Date: Tue, 9 Apr 2013 17:21:09 +0200
Subject: [PATCH] updates

---
 exam4/HOWTO | 6 ++++++
 exam4/decoder.nasm | 0
 exam4/encoder.sh | 13 +++++++++++++
 exam4/helloworld | Bin 0 -> 524 bytes
 exam4/helloworld.nasm | 25 +++++++++++++++++++++++++
 exam4/helloworld.o | Bin 0 -> 448 bytes
 exam6/.gdb_history | 17 +++++++++++++++++
 exam6/HOWTO | 6 ++++++
 exam6/decoder.nasm | 0
 exam6/decoder.py | 18 ++++++++++++++++++
 exam6/encoder.py | 18 ++++++++++++++++++
 exam6/helloworld | Bin 0 -> 524 bytes
 exam6/helloworld.nasm | 25 +++++++++++++++++++++++++
 exam6/helloworld.o | Bin 0 -> 448 bytes
 14 files changed, 128 insertions(+)
 create mode 100644 exam4/HOWTO
 create mode 100644 exam4/decoder.nasm
 create mode 100755 exam4/encoder.sh
 create mode 100755 exam4/helloworld
 create mode 100644 exam4/helloworld.nasm
 create mode 100644 exam4/helloworld.o
 create mode 100644 exam6/.gdb_history
 create mode 100644 exam6/HOWTO
 create mode 100644 exam6/decoder.nasm
 create mode 100755 exam6/decoder.py
 create mode 100755 exam6/encoder.py
 create mode 100755 exam6/helloworld
 create mode 100644 exam6/helloworld.nasm
 create mode 100644 exam6/helloworld.o

diff --git a/exam4/HOWTO b/exam4/HOWTO
new file mode 100644
index 0000000..048796c
--- /dev/null
+++ b/exam4/HOWTO
@@ -0,0 +1,6 @@
+Compile and run
+nasm -f elf32 -o helloworld.o helloworld.nasm && ld -m elf_i386 -o helloworld helloworld.o && ./helloworld ; echo $?
+
+Get shellcode
+for i in $(objdump -d helloworld -M intel |grep "^ " |cut -f2); do echo -n '\x'$i; done;echo
+
diff --git a/exam4/decoder.nasm b/exam4/decoder.nasm
new file mode 100644
index 0000000..e69de29
diff --git a/exam4/encoder.sh b/exam4/encoder.sh
new file mode 100755
index 0000000..11af6fe
--- /dev/null
+++ b/exam4/encoder.sh
@@ -0,0 +1,13 @@
+#!/usr/bin/env sh
+
+echo "Original shellcode"
+for i in $(objdump -d helloworld -M intel |grep "^ " |cut -f2); do echo -n '\x'$i; done; echo
+
+echo ""
+
+
+echo "Encoded shellcode"
+Y=2; for i in $(objdump -d helloworld -M intel |grep "^ " |cut -f2); do echo -n '\x'$i; if [[ $Y -gt 1 ]];then echo -n '\xAA'; Y=$[Y-1]; else Y=$[Y+1]; fi; done; echo
+
+echo ""
+
diff --git a/exam4/helloworld b/exam4/helloworld
new file mode 100755
index 0000000000000000000000000000000000000000..6a6efad5e44f0349d67885a1f6d0626fee0e23cf
GIT binary patch literal 524 zcmb<-^>JflWMqH=CI)5(5HF#Dg~J3$FM&#!Fem`UH5gbKn85O2VW1iYAZ`G1K$sPX z83aHC0vH}Jylr@C1IuQ{jMSo3t_+XNkc`fUn>fxk7~bB%c(#E-uedU|Bryp{mlQ$h z3>d2}%LHa>7$V^TsA4q}09iTb`7zaqh%tI1_GePbIaX_Jttd51@L%S$ZIWr!~>Nh~U1h>uSyE{3sFQxZ!O K8RAp(QWyXf=|YGA literal 0 HcmV?d00001
diff --git a/exam4/helloworld.nasm b/exam4/helloworld.nasm
new file mode 100644
index 0000000..0e205e9
--- /dev/null
+++ b/exam4/helloworld.nasm
@@ -0,0 +1,25 @@
+; helloworld.nasm
+; 2013 April
+;
+
+section .text
+global _start
+
+_start:
+ xor eax,eax
+ xor ebx,ebx
+ xor edx,edx
+
+ ; write('hi there')
+ mov al,4 ; write
+ mov bl,1 ; stdout
+ push 0x0a657265 ; 'ere\n' in reverse
+ push 0x68546948 ; 'HiTh' in reverse
+ mov ecx, esp ; ecx is a pointer to stack
+ mov dl, 8 ; length of message
+ int 0x80
+
+ ; exit(0)
+ xor ebx,ebx
+ mov al,1 ; exit
+ int 0x80
diff --git a/exam4/helloworld.o b/exam4/helloworld.o
new file mode 100644
index 0000000000000000000000000000000000000000..f4d170bd097f9b053ccd8c0b2f998e2b447795de
GIT binary patch literal 448 zcmb<-^>JflWMqH=Mh0dE1doBi0V-hvrZpH?8JJ*7Nuoh!f-oCYmjIBX0A+(H0Vtat zNHas(Aj$x!P7#R@TBApIa3WTqsP52V0g0Z^R;j02=$=D~yv z4;bDyytIL3Gh;?-Q7Tu4M`lPy=fh1LXB!M}Z(uyzz@S%>T2aEFSDaB?QdE+d1Y}j_ zLTCsdW)Kb<**+GAkN=UCfkGbSFBlL2xh^9$Cnvu=zbGd~FE6n;mm$8mB(bOjri1|i DT-PXk literal 0 HcmV?d00001
diff --git a/exam6/.gdb_history b/exam6/.gdb_history
new file mode 100644
index 0000000..a0cdff9
--- /dev/null
+++ b/exam6/.gdb_history
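Review bot: The shebang on the first line selects POSIX `sh`, but the `Y=2; for …` line uses the bash-only `[[ … ]]` test and the obsolete `$[ … ]` arithmetic, so on systems where `sh` is dash the script dies with a syntax error before printing the encoded bytes. Either change the first line to `#!/usr/bin/env bash` or make the loop POSIX: `if [ "$Y" -gt 1 ]; then echo -n '\xAA'; Y=$((Y-1)); else Y=$((Y+1)); fi`. The `objdump … | cut -f2` pipeline is also run twice; capturing it once, `bytes=$(objdump -d helloworld -M intel | grep "^ " | cut -f2)`, guarantees both listings come from the same disassembly. `echo -n '\x'$i` further relies on echo not interpreting backslash escapes, which varies between shells; `printf '\\x%s' "$i"` is unambiguous.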
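Review bot: `mov al,1` in the exit sequence assumes the upper 24 bits of eax are still zero after the preceding `int 0x80`, but that call leaves the write(2) result in eax (8 on success, a negative errno on failure), so only the success path actually yields eax == 1 and a failed write would turn the exit into a bogus syscall number. Re-zeroing with `xor eax,eax` immediately before `mov al,1` removes the dependency for two extra bytes. The identical sequence appears in exam6/helloworld.nasm in this commit. The header comment could also say what the program does, e.g. `; writes "HiThere\n" (8 bytes) to stdout and exits 0 via the 32-bit Linux int 0x80 ABI`.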
@@ -0,0 +1,17 @@
+b _start
+run
+stepi
+xprint $edx
+xprint $edx+0x4
+xprint $edx+0x5
+xprint $edx+0x3
+xprint $edx+0x4
+xprint $edx+0x1
+xprint $edx+0x2
+xprint $edx+0x3
+si
+si
+si
+si
+si
+si
diff --git a/exam6/HOWTO b/exam6/HOWTO
new file mode 100644
index 0000000..048796c
--- /dev/null
+++ b/exam6/HOWTO
@@ -0,0 +1,6 @@
+Compile and run
+nasm -f elf32 -o helloworld.o helloworld.nasm && ld -m elf_i386 -o helloworld helloworld.o && ./helloworld ; echo $?
+
+Get shellcode
+for i in $(objdump -d helloworld -M intel |grep "^ " |cut -f2); do echo -n '\x'$i; done;echo
+
diff --git a/exam6/decoder.nasm b/exam6/decoder.nasm
new file mode 100644
index 0000000..e69de29
diff --git a/exam6/decoder.py b/exam6/decoder.py
new file mode 100755
index 0000000..ed292d1
--- /dev/null
+++ b/exam6/decoder.py
@@ -0,0 +1,18 @@
+#!/usr/bin/env python
+import sys
+
+#if len(sys.argv) < 2:
+# sys.exit('Usage: %s \\xshellcode' % sys.argv[0])
+
+#s=sys.argv[1]
+
+s='\x34\xc5\x34\xde\x34\xd7\xb5\x01\xb6\x04\x6d\x60\x77\x60\x0f\x6d\x4d\x6c\x51\x6d\x8c\xe4\xb7\x0d\xc8\x85\x34\xde\xb5\x04\xc8\x85'
+e=[]
+
+print "Decoded shellcode"
+for i in range(len(s)):
+ e=(int(s[i].encode('hex'),16) ^ 0x5)
+ print '\\x%0.2x' % e,
+ sys.stdout.write('')
+
+print ""
diff --git a/exam6/encoder.py b/exam6/encoder.py
new file mode 100755
index 0000000..6a03d1a
--- /dev/null
+++ b/exam6/encoder.py
@@ -0,0 +1,18 @@
+#!/usr/bin/env python
+import sys
+
+#if len(sys.argv) < 2:
+# sys.exit('Usage: %s \\xshellcode' % sys.argv[0])
+
+#s=sys.argv[1]
+
+s='\x31\xc0\x31\xdb\x31\xd2\xb0\x04\xb3\x01\x68\x65\x72\x65\x0a\x68\x48\x69\x54\x68\x89\xe1\xb2\x08\xcd\x80\x31\xdb\xb0\x01\xcd\x80'
+e=[]
+
+print "Encoded shellcode"
+for i in range(len(s)):
+ e=(int(s[i].encode('hex'),16) ^ 0x5)
+ print '\\x%0.2x' % e,
+ sys.stdout.write('')
+
+print ""
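Review bot: `e=[]` before the loop in decoder.py is never used as a list — the loop rebinds `e` to an int on every iteration — and `sys.stdout.write('')` is a no-op, so both lines are dead. The byte extraction `int(s[i].encode('hex'),16)` is a Python 2-only idiom; `ord(s[i]) ^ 0x5` yields the same value on both Python 2 and 3 (the bare `print` statements would still need parentheses under 3). Writing the result with `for c in s:` / `    sys.stdout.write('\\x%02x' % (ord(c) ^ 0x5))` also drops the spaces the trailing-comma `print` inserts between escapes, so the output can be pasted as one string. encoder.py in this commit is the same script with a different input literal and label; because XOR with 0x5 is its own inverse, one script taking the key and input as arguments — the commented-out `sys.argv` check already points that way — would replace both copies.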
diff --git a/exam6/helloworld b/exam6/helloworld
new file mode 100755
index 0000000000000000000000000000000000000000..6a6efad5e44f0349d67885a1f6d0626fee0e23cf
GIT binary patch literal 524 zcmb<-^>JflWMqH=CI)5(5HF#Dg~J3$FM&#!Fem`UH5gbKn85O2VW1iYAZ`G1K$sPX z83aHC0vH}Jylr@C1IuQ{jMSo3t_+XNkc`fUn>fxk7~bB%c(#E-uedU|Bryp{mlQ$h z3>d2}%LHa>7$V^TsA4q}09iTb`7zaqh%tI1_GePbIaX_Jttd51@L%S$ZIWr!~>Nh~U1h>uSyE{3sFQxZ!O K8RAp(QWyXf=|YGA literal 0 HcmV?d00001
diff --git a/exam6/helloworld.nasm b/exam6/helloworld.nasm
new file mode 100644
index 0000000..0e205e9
--- /dev/null
+++ b/exam6/helloworld.nasm
@@ -0,0 +1,25 @@
+; helloworld.nasm
+; 2013 April
+;
+
+section .text
+global _start
+
+_start:
+ xor eax,eax
+ xor ebx,ebx
+ xor edx,edx
+
+ ; write('hi there')
+ mov al,4 ; write
+ mov bl,1 ; stdout
+ push 0x0a657265 ; 'ere\n' in reverse
+ push 0x68546948 ; 'HiTh' in reverse
+ mov ecx, esp ; ecx is a pointer to stack
+ mov dl, 8 ; length of message
+ int 0x80
+
+ ; exit(0)
+ xor ebx,ebx
+ mov al,1 ; exit
+ int 0x80
diff --git a/exam6/helloworld.o b/exam6/helloworld.o
new file mode 100644
index 0000000000000000000000000000000000000000..f4d170bd097f9b053ccd8c0b2f998e2b447795de
GIT binary patch literal 448 zcmb<-^>JflWMqH=Mh0dE1doBi0V-hvrZpH?8JJ*7Nuoh!f-oCYmjIBX0A+(H0Vtat zNHas(Aj$x!P7#R@TBApIa3WTqsP52V0g0Z^R;j02=$=D~yv z4;bDyytIL3Gh;?-Q7Tu4M`lPy=fh1LXB!M}Z(uyzz@S%>T2aEFSDaB?QdE+d1Y}j_ zLTCsdW)Kb<**+GAkN=UCfkGbSFBlL2xh^9$Cnvu=zbGd~FE6n;mm$8mB(bOjri1|i DT-PXk literal 0 HcmV?d00001